int wmain(int argc, wchar_t *argv[], wchar_t *envp[])
{
HANDLE proc = 0;
HANDLE procThread = 0;
bool notified = false;
while (proc == 0)
{
proc = GetProcessByName(PROC_NAME);
if (proc == 0)
{
if (!notified)
{
printf("Waiting for RobotArena3.exe to start... gle=%x\n", GetLastError());
notified = true;
}
Sleep(1);
}
}
void *paramAddr = VirtualAllocEx(proc, 0, 0x1000, MEM_COMMIT, PAGE_READWRITE);
SIZE_T bytesWritten = 0;
wchar_t dllPath[MAX_PATH];
int len = GetCurrentDirectory(MAX_PATH, dllPath);
wcscpy(dllPath + len, L"\\" DLL_NAME);
WriteProcessMemory(proc, paramAddr, dllPath, 0x100, &bytesWritten);
HANDLE thread = CreateRemoteThread(proc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary, (LPVOID)paramAddr, 0, 0);
if (procThread)
{
ResumeThread(procThread);
}
}
int main() {
HANDLE proc = 0;
HANDLE procThread = 0;
bool notified = false;
while (proc == 0) {
proc = GetProcessByName(PROC_NAME);
if (proc == 0) {
if (!notified) {
printf("proc doesn't exist, waiting... gle=%x\n", GetLastError());
notified = true;
}
Sleep(1);
}
}
void *paramAddr = VirtualAllocEx(proc, 0, 0x1000, MEM_COMMIT, PAGE_READWRITE);
SIZE_T bytesWritten = 0;
char dllPath[MAX_PATH];
int len = GetCurrentDirectory(MAX_PATH, dllPath);
strcpy(dllPath + len, "\\" DLL_NAME);
WriteProcessMemory(proc, paramAddr, dllPath, 0x100, &bytesWritten);
HANDLE thread = CreateRemoteThread(proc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, (LPVOID)paramAddr, 0, 0);
if (procThread) {
ResumeThread(procThread);
}
}
DWORD WINAPI Injection(LPVOID lpParameter)
{
_TCHAR* ptszProcessName = (_TCHAR*)lpParameter;
HANDLE hProcess;
do
{
hProcess = GetProcessByName(ptszProcessName);
} while (hProcess == INVALID_HANDLE_VALUE);
bool bInjected = Inject(hProcess, INJECTION_TARGET);
if (!bInjected)
printf("Injection Error %d\n", GetLastError());
else
printf("Injection Succeeded\n");
return 0;
}
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
PEPROCESS Process;
DWORD BuildNum;//系统版本
//
// Create dispatch points for device control, create, close.
//
DriverObject->MajorFunction[IRP_MJ_CREATE] = SuperhidedllDispatchCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = SuperhidedllDispatchClose;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = SuperhidedllDispatchDeviceControl;
DriverObject->DriverUnload = SuperhidedllUnload;
PsGetVersion(NULL,NULL,&BuildNum,NULL);
if (BuildNum!=2600)
{
DbgPrint("Sorry,This driver only supported on Windows XP!\n");
return STATUS_SUCCESS;
}
Process=GetProcessByName("explorer.exe");
if (Process)
{
//
//简单测试,隐藏Explorer.exe中的kernel32.dll
//
HideDllFromProcess(Process,"kernel32.dll");
}
else{
DbgPrint("Could not found target process.\n");
}
return STATUS_SUCCESS;
}
DWORD WINAPI LolSceneSwitch::MonitorThread(_In_ LPVOID lpParam)
{
LolSceneSwitch * instance = static_cast<LolSceneSwitch *>(lpParam);
unsigned int const INTERVALL = instance->settings.intervall;
// Handles etc. for the client
HANDLE clientProcess = nullptr;
HWND clientWindow = nullptr;
DWORD clientPid = 0;
// Handles etc. for the game
HANDLE gameProcess = nullptr;
HWND gameWindow = nullptr;
DWORD gamePid;
FILETIME gameStartTime;
// temp var for saving the exit code
DWORD exitCode;
// Used to read the log file
LogReader * reader = nullptr;
// Stuff for reading memory
PointerPath32 clienStatePointer({ -0x658, 0x78, 0x610, 0x4, 0xe48 });
PointerPath32 map1Pointer({ -0x9C0, 0x20 });
PointerPath32 map2Pointer({ -0x9C4, 0x20 });
DWORD clientStateAddress = 0;
long clientState = 0;
DWORD mapAddress = 0;
// info variables of the state of LoL
bool ingame = false;
bool postGame = false;
State state = State::CLIENTOUT;
State oldState = State::CLIENTOUT;
bool newMapInfo = false;
// The main loop for monitoring LoL
while (instance->runMonitoring)
{
// Try to get handles for the client and game process
if (clientProcess == nullptr)
{
clientProcess = GetProcessByName(TEXT("LolClient.exe"), clientPid);
}
if (gameProcess == nullptr)
{
gameProcess = GetProcessByName(TEXT("League of Legends.exe"), gamePid);
if (gameProcess != nullptr)
{
ingame = true;
FILETIME temp;
GetProcessTimes(gameProcess, &gameStartTime, &temp, &temp, &temp);
}
}
// We have a client handle
if (clientProcess != nullptr)
{
// check if it's still running
if (GetExitCodeProcess(clientProcess, &exitCode) && exitCode == STILL_ACTIVE)
{
if (clientWindow == nullptr)
{
clientWindow = GetWindowById(clientPid);
}
if (clientStateAddress == 0)
{
clientStateAddress = PointerPath32::GetThreadAddress(clientProcess, clientPid, 0);
}
if (!ingame)
{
if (instance->settings.scenes[State::CLIENTOUT].single.IsEmpty() ||
(clientWindow != nullptr && HasFocus(clientWindow)))
{
if (clienStatePointer.Deref(clientProcess, clientStateAddress, clientState) && clientState == 1)
{
if (postGame)
{
state = State::POSTGAME;
}
else
{
state = State::CHAMPSELECT;
}
}
else
{
postGame = false;
state = State::CLIENT;
}
}
else
{
state = State::CLIENTOUT;
}
}
}
else
{
Log("INFO | LolSceneSwitch::MonitorThread | LoL client process exited!");
CloseHandle(clientProcess);
clientProcess = nullptr;
clientWindow = nullptr;
clientStateAddress = 0;
}
}
// we have a game handle
if (gameProcess != nullptr)
{
// check if it's still running
if (GetExitCodeProcess(gameProcess, &exitCode) && exitCode == STILL_ACTIVE)
{
if (gameWindow == nullptr)
{
gameWindow = GetWindowById(gamePid);
}
if (reader == nullptr)
{
HANDLE file = GetLogFile(instance->settings.lolPath, &gameStartTime);
if (file != nullptr)
{
reader = &LogReader(file);
}
}
if (mapAddress == 0)
{
mapAddress = PointerPath32::GetThreadAddress(gameProcess, gamePid, 0);
}
if (instance->currentMap == Map::UNKNOWN)
{
std::string mapString1 = map1Pointer.Deref(gameProcess, mapAddress, 5);
std::string mapString2 = map2Pointer.Deref(gameProcess, mapAddress, 5);
if (mapString1.compare("Map1") == 0 || mapString2.compare("Map1") == 0 ||
mapString1.compare("Map11") == 0 || mapString2.compare("Map11") == 0)
{
Log("INFO | LolSceneSwitch::MonitorThread | Map is Summoners Rift!");
instance->currentMap = Map::SUMMONERS_RIFT;
newMapInfo = true;
}
else if (mapString1.compare("Map8") == 0 || mapString2.compare("Map8") == 0)
{
Log("INFO | LolSceneSwitch::MonitorThread | Map is Crystal Scar!");
instance->currentMap = Map::CRYSTAL_SCAR;
newMapInfo = true;
}
else if (mapString1.compare("Map10") == 0 || mapString2.compare("Map10") == 0)
{
Log("INFO | LolSceneSwitch::MonitorThread | Map is Twisted Treeline!");
instance->currentMap = Map::TWISTED_TREELINE;
newMapInfo = true;
}
else if (mapString1.compare("Map12") == 0 || mapString2.compare("Map12") == 0)
{
Log("INFO | LolSceneSwitch::MonitorThread | Map is Howling Abyss!");
instance->currentMap = Map::HOWLING_ABYSS;
newMapInfo = true;
}
}
if (reader != nullptr && (instance->settings.scenes[State::GAMEOUT].single.IsEmpty() ||
(gameWindow != nullptr && HasFocus(gameWindow))))
{
state = reader->GetState();
}
else
{
state = State::GAMEOUT;
}
}
else
{
Log("INFO | LolSceneSwitch::MonitorThread | LoL game process exited!");
ingame = false;
postGame = true;
CloseHandle(gameProcess);
gameProcess = nullptr;
gameWindow = nullptr;
reader = nullptr;
instance->currentMap = Map::UNKNOWN;
mapAddress = 0;
}
}
if (state != oldState || newMapInfo)
{
// Something has changed!!!
Log("INFO | LolSceneSwitch::MonitorThread | New state:", static_cast<long long>(state));
oldState = state;
newMapInfo = false;
instance->ChangeScene(state);
}
Sleep(INTERVALL);
}
return 0;
}
static Process* takeExisting(string name) {
HANDLE hProcess = GetProcessByName(name);
return hProcess == NULL ? NULL : new Process(hProcess);
}
static Process* takeExisting(string name) {
HPROCESS hProcess = GetProcessByName(name);
return !hProcess ? NULL : new Process(hProcess);
}
